APPLIED[L/J/F/HWE-5.19]: [SRU Focal/Jammy/HWE-5.19/OEM-6.0/OEM-6.1/Lunar 0/1] CVE-2023-1206

[Stefan Bader]

On 11.08.23 02:56, Cengiz Can wrote:
> [Impact]
> A hash collision flaw was found in the IPv6 connection lookup table in the
> Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood
> attack. A user located in the local network or with a high bandwidth connection
> can increase the CPU usage of the server that accepts IPV6 connections up to
> 95%.
> 
> [Fix]
> Cherry picked from upstream to all kernels.
> 
> [Test case]
> Compile and boot tested only.
> 
> [Potential regression]
> IPv6 users can be affected, however highly unlikely since the fix only improves
> an inline hash calculation function.
> 
> Stewart Smith (1):
>    tcp: Reduce chance of collisions in inet6_hashfn().
> 
>   include/net/ipv6.h | 8 ++------
>   1 file changed, 2 insertions(+), 6 deletions(-)
> 

Applied to lunar,jammy,focal:linux/master-next and 
jammy:linux-hwe-5.19/hwe-5.19-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 44613 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230831/9ab35fda/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230831/9ab35fda/attachment-0001.sig>